Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Using virtualized domain controller as NTP source ?

Posted on 2015-01-13
13
Medium Priority
?
448 Views
Last Modified: 2015-01-14
Hi,

I'm currently planning to change the current NTP provider from a physical old Windows 2003 server into the new Windows Server 2008 R2 Domain Controller running as VMware virtual machine.

So what are the caveats or the steps that I need to know to avoid any issue in using VM as the NTP for the entire company / Data Centre ?

Do I have to transfer FSMO role to another Domain Controller to do this or this is just a simple Group Policy change to point to another Virtualized Domain Controller ?

Thanks.
0
Comment
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 4
  • 2
13 Comments
 
LVL 24

Assisted Solution

by:VB ITS
VB ITS earned 668 total points
ID: 40548328
As far as the NTP clients are concerned, it's just a change in Group Policy. They won't know if the NTP server is a VM or not, nor will they care.

Before you set your 2008 R2 DC as the NTP Server for your entire domain, make sure you've disabled the time synchronization between the host and the VM otherwise you may experience issues with time drift even if you configure the server to use an external time source.

On that topic - what do you plan on using as your time source on the 2008 R2 DC? Will you be using an external time source such as ntp.pool.org?
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40548356
Yes correct I will be using that pool.ntp.org lists with space in between the entries on the GPO.

How do I disable the time synch with the ESXi hosts ?
0
 
LVL 24

Assisted Solution

by:VB ITS
VB ITS earned 668 total points
ID: 40548362
See the steps in this article to disable time synchronization in ESXi: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1189

You'll need to shut down the VM and follow the steps in the above article if you want to completely disable time synchronization.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 124

Assisted Solution

by:Andrew Hancock (VMware vExpert / EE MVE^2)
Andrew Hancock (VMware vExpert / EE MVE^2) earned 1332 total points
ID: 40548420
Make sure that the old and new NTP Servers are running and issuing the same time!
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40548432
Thanks for the suggestion Andrew,

What do you mean by old and new ?
Do you mean I must check both the VM and the physical box so that there is no more than 5 minutes different ?
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40548497
And last question... Do I need to transfer the FSMO role PDC emulator from this physical windows 2003 box to the Windows 2008R2 VM ?
0
 
LVL 124

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE^2) earned 1332 total points
ID: 40548527
Hang on I've just seen this.....do you have options of using an External NTP source on the ESXi hosts , rather than a virtual machine.

We setup as follows:-

1. ESXi hosts - External Time Source

2. Windows PDC Emulator - External Time Source (same source as 1)

3. Do not Sync time to hosts in the VMs.

4. Windows VMs in the Domain will get time from PDC emulator

5. Linux/Unix VMs external time source as 1.

(otherwise you have an issue when ESXi starts, there is no time source available because the VM is not started, and if the time is apart by over 1/2mins it will not sync)
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40548629
Hmm I got confused myself here.

So my initial plan is to do the following:

All windows server and workstations synch to the new Windows Server 2008 R2 VM (not yet PDC emulator). This VM is synchronized to the external source of Pool.ntp.org --> I'm wondering if I have to transfer the FSMO role to the new win2008R2 VM or not necessary.

All ESXi hosts synch to this one VM above.
All network devices (switch, router, SAN, NAS, etc...) synch to the same windows 2008 R2 VM.

Would that be possible ?
0
 
LVL 124

Assisted Solution

by:Andrew Hancock (VMware vExpert / EE MVE^2)
Andrew Hancock (VMware vExpert / EE MVE^2) earned 1332 total points
ID: 40548646
Windows and Workstations will sync against the domain, so, no need to change anything there.

Yes, that's a good plan.
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40548659
Cool, thanks for the quick reply.

So why your configuration for the ESXi points to the external NTP source rather than the Windows PDC role VM ?
I'm curious to know the reasoning on your configuration #1 (1. ESXi hosts - External Time Source).

As for configuration #3(3. Do not Sync time to hosts in the VMs.), only the PDC emulator role VM that does not synch with the ESXi servers.
0
 
LVL 124

Assisted Solution

by:Andrew Hancock (VMware vExpert / EE MVE^2)
Andrew Hancock (VMware vExpert / EE MVE^2) earned 1332 total points
ID: 40548682
We have seen the NTP service on the ESXi host stop, and if you are syncing VMs with the host, they get the wrong time, so hence, sync time with domain.

We always like to sync servers with an external time source, we have seen issues on occasion with ESXi syncing with Domain, also we like to sync Physical Host to Physical Device, we have GPS and NTP Appliances.
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40548691
ah I see,

So "ESXi syncing with Domain" do you mean the issues was occurred when the ESXi synch the time with the PDC emulator role running as VM ?
0
 
LVL 8

Author Closing Comment

by:Senior IT System Engineer
ID: 40550650
Thanks !
0

Featured Post

 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This Micro Tutorial walks you through using a remote console to access a server and install ESXi 5.1. This example is showing remote access and installation using a Dell server. The hypervisor is the very first component of your virtual infrastructu…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question